I need to handle several cases because sometimes parameters are in the path and sometines they are in the query. Depending on the user. This last case fails. The header value for AUTHORIZATION looks empty.

# if the query string includes the authorization parameter
RewriteCond %{QUERY_STRING} ^(.*)authorization=@(.*)@(.*)$
# keep the value of the parameter in the AUTHORIZATION variable and redirect
RewriteRule ^/(.*) http://<ip>:<port>/ [E=AUTHORIZATION:%2,NE,L,P]
# add the value of AUTHORIZATION in the header
RequestHeader add "Authorization" "%{AUTHORIZATION}e"

Your editing has done something to the layout of the question, and I can't work out what you're trying to say. Is that an answer to the problem? Can you re-edit to get the layout a bite easier to read.
–
CK.Aug 4 '09 at 13:58

3 Answers
3

It looks like you've got the 'L' (last) flag on the first rule. Rule processing will stop there, and no more re-writing will happen. I don't think the second rule will ever be reached. Try removing the 'L' flag.

Edit

Oh, and you've got the 'P' (proxy) flag set, too. That will also stop rewrite rule processing at that point and force a proxy request through mod_proxy.

Can you do it all in one rule, as the pattern match is the same. I'm not completely sure what you're after, but this might do it:

Aha, I think I see what you are trying to do now. As soon as you specify the [P] in the flags, the proxy request happens at that point. If I read the question correctly, you want the AUTHORIZATION var passed in to that request, so you'll need to put that in before the [P]:

# if the query string includes the authorization parameter
RewriteCond %{QUERY_STRING} ^(.*)authorization=@(.*)@(.*)$
RewriteRule ^/(.*) - [E=AUTHORIZATION:%2]
# add the value of AUTHORIZATION in the header
RequestHeader add "Authorization" "%{AUTHORIZATION}e"
# keep the value of the parameter in the AUTHORIZATION variable and redirect
RewriteRule ^/(.*) http://<ip>:<port>/ [NE,L,P]

Completely untested, but should do what you want - if I understand the question correctly.

Apache Config Update

Do you have AllowOverride FileInfo set for that directory in httpd.conf? If not, then you won't be able to use RequestHeader in .htaccess

You understand the question correctly, but the solution doesnt seem to work. The %{AUTHORIZATION} variable still isnt set.
–
GuillaumeAug 5 '09 at 7:28

Can you try some things to check to see what the problem is. The mod_headers docs suggest that "RequestHeader add Authorization %Authorization" might work. Can you try adding a fixed header to check that it's getting that far in the config. Something like "RequestHeader add DebugHeader DebugValue", and check that is getting through.
–
CK.Aug 5 '09 at 10:36

I suspect you either can't override the Authorization header or that it's mangled later in the request process. As I'm sure you know, Authorization: is used for HTTP basic authentication so there's a good chance that something else is diddling it. Can you use a differently-named header?